ROYAL INSTITUTE OF TECHNOLOGY

Assignment Report
Network Security IV2020 /ICSS

Submitted By
Vivek Agrawal (871231-7216)

Group Details
Chaitanya Pinnaka
Vivek Agrawal

December 20, 2010
1. Assignment Topic

Message Integrity: One student will create and verify a MAC and protect it using a shared secret. The other student will create and verify a MAC and protect it using a private/public key pair.

2. Details of the selected protocol

The details of the selected protocol can be derived from Figure 1. At the sender's side, a MAC is created using a shared secret key (S). In the figure, block (H) denotes the generation of the MAC. The MAC is encrypted using a symmetric key (K). The encrypted (protected) MAC is then appended to the message.

The receiver receives the message in the form of message + encrypted MAC. Since the MAC is encrypted using the symmetric key (shared only by sender and receiver), the receiver is able to decrypt the MAC successfully using the secret key (K). The original message is then used to generate the MAC with the same shared secret key (S), and the result is verified against the decrypted MAC. If they match, the receiver is assured that the message has not been changed. If an attacker alters the message but does not alter the MAC, then the receiver's calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message [1].

Figure 1: Creation and encryption of MAC at the sender's side and decryption and verification of MAC at the receiver's side [3]

3. Individual implementation

I am dealing with the creation and protection of the MAC using a symmetric key; this protected MAC is transmitted to the receiver with the original message. This program assumes that the two communicating parties share a common secret key K. The file plaintext.txt contains a message which is communicated from sender A to recipient B.
a. Sender's Side (Main.java)

The first step is to read the message from the plaintext.txt file and save the content in a variable [2].

    // to read the plaintext/message from a given file
    byte[] plaintextbytes = {};
    BufferedInputStream br = new BufferedInputStream(new FileInputStream("plaintext.txt"));
    while (br.available() > 0) {
        plaintextbytes = new byte[br.available()];
        br.read(plaintextbytes);
    }

Now the shared secret key is generated in order to calculate the MAC of the message.

    // generation of shared secret key to generate MAC
    KeyGenerator keygen = KeyGenerator.getInstance("HmacMD5");
    SecretKey mac_key = keygen.generateKey();
    Mac mac = Mac.getInstance(mac_key.getAlgorithm());
    mac.init(mac_key);

The next step is to calculate the MAC using the secret key.

    // creation of MAC
    byte[] temp_data = plaintextbytes;
    byte[] digest = mac.doFinal(temp_data);

The above 3 steps can be summarized as [1]:

    MAC = C(K, M)

where
    M = input message
    C = MAC function
    K = shared secret key
    MAC = message authentication code

This shared secret key is saved in a text file mac_key.txt, and then a symmetric key is calculated to protect the MAC. The symmetric key is calculated using the DES algorithm. The symmetric key is also saved in a text file, sym_key.txt. The MAC is now protected using the symmetric key. The encryption algorithm used to encrypt the MAC is DES/ECB.

    // DES key that protects the MAC (the key saved to sym_key.txt)
    SecretKey sym_key = KeyGenerator.getInstance("DES").generateKey();
    // initialization of Cipher
    Cipher c;
    c = Cipher.getInstance("DES/ECB/PKCS5Padding");
    // Encryption of MAC
    c.init(Cipher.ENCRYPT_MODE, sym_key);
    byte[] ciphertext = c.doFinal(digest);
    System.out.println("protected MAC : " + ciphertext);
    BufferedOutputStream out_mac = new BufferedOutputStream(new FileOutputStream("protected_mac.txt"));
    out_mac.write(ciphertext);
    out_mac.flush();
    out_mac.close();

The protected MAC is saved in the file protected_mac.txt. The sender will send the protected_mac.txt, plaintext.txt, Sym_key.txt, mac_key.txt files to the receiver.

b. Receiver's Side (Verify_MAC.java)

The receiver reads the protected MAC from the file protected_mac.txt and decrypts it using the symmetric key [2].

    BufferedInputStream in_mac = new BufferedInputStream(new FileInputStream("protected_mac.txt"));
    byte[] ciphertext = new byte[in_mac.available()];
    in_mac.read(ciphertext);
    in_mac.close();
    // initialization of Cipher
    Cipher c;
    c = Cipher.getInstance("DES/ECB/PKCS5Padding");
    // to extract the symmetric key that protects the MAC
    BufferedInputStream in1 = new BufferedInputStream(new FileInputStream("Sym_key.txt"));
    byte[] keybytes = new byte[in1.available()];
    in1.read(keybytes);
    in1.close();
    SecretKeySpec sym_key = new SecretKeySpec(keybytes, "DES");
    // Decryption of MAC
    c.init(Cipher.DECRYPT_MODE, sym_key);
    byte[] plaintext = c.doFinal(ciphertext);

The receiver then generates the MAC of the plaintext/message using the same algorithm and the same shared secret key.

    // to read message from the file
    byte[] plaintextbytes = {};
    BufferedInputStream br = new BufferedInputStream(new FileInputStream("plaintext.txt"));
    while (br.available() > 0) {
        plaintextbytes = new byte[br.available()];
        br.read(plaintextbytes);
    }
    // to extract the shared secret key for MAC
    BufferedInputStream in = new BufferedInputStream(new FileInputStream("mac_key.txt"));
    byte[] keybytes1 = new byte[in.available()];
    in.read(keybytes1);
    in.close();
    // calculation of MAC at recipient's end
    SecretKeySpec skeyspec = new SecretKeySpec(keybytes1, "HmacMD5");
    Mac mac = Mac.getInstance(skeyspec.getAlgorithm());
    mac.init(skeyspec);
    byte[] utf8 = plaintextbytes;
    byte[] digest = mac.doFinal(utf8);

If the newly generated MAC matches the decrypted MAC, the receiver is assured that the message has not been altered.

    // compare the length and every byte of the two MACs in constant time;
    // a byte-by-byte loop over plaintext.length alone would accept a
    // truncated decrypted MAC and overrun digest on a longer one
    boolean mac_verify = java.security.MessageDigest.isEqual(plaintext, digest);
    if (!mac_verify) {
        System.out.println("Message has been changed, so it cannot be authenticated.");
    } else {
        System.out.println("Message authenticated successfully.");
    }
4. Results

a. Scenario 1

Original message is:

    My name is vivek Agrawal. My password is KTH for the system.

At the sender's side the output of the code is:

Figure 2: Creation and protection of MAC at the sender's side

If the same message is transmitted to the receiver end, then the output of the code is:

Figure 3: Verification of MAC at the receiver's side
b. Scenario 2

Original message is:

    My name is vivek Agrawal. My password is KTH for the system.

At the sender's side the output of the code is:

Figure 4: Creation and protection of MAC at the sender's side

Now the message has been altered by an attacker. The message received by the receiver is now:

    My name is Bill Gates. My password is KTH_Bill for the system.

Output of the code at the receiver's side is:

Figure 5: Verification of MAC at the receiver's side

Since the message has been changed, the receiver does not get the same MAC, and in this way it can be concluded that the original message has been changed.
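The round trip from section 3 and the two scenarios above in a single file, as an added example that is not part of the original report. It keeps the report's algorithms (HmacMD5, DES/ECB/PKCS5Padding) and adds a third check, an altered protected MAC, which goes beyond the scenarios in the report; the class name ProtectedMacDemo and holding both keys in memory instead of in key files are assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class ProtectedMacDemo {
    // Sender: compute the MAC of the message with S, then encrypt the MAC under K.
    static byte[] protect(byte[] message, SecretKey s, SecretKey k) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(s.getAlgorithm());
        mac.init(s);
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k);
        return c.doFinal(mac.doFinal(message));
    }

    // Receiver: decrypt the received MAC, recompute it over the received message, compare.
    static boolean verify(byte[] message, byte[] protectedMac, SecretKey s, SecretKey k) {
        try {
            Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, k);
            byte[] received = c.doFinal(protectedMac);
            Mac mac = Mac.getInstance(s.getAlgorithm());
            mac.init(s);
            return MessageDigest.isEqual(received, mac.doFinal(message));
        } catch (GeneralSecurityException e) {
            return false; // bad padding or unusable key: treat as failed verification
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Keys generated in memory for the demo (assumption; the report stores them in files).
        SecretKey s = KeyGenerator.getInstance("HmacMD5").generateKey();
        SecretKey k = KeyGenerator.getInstance("DES").generateKey();
        // The two messages are the ones quoted in scenarios 1 and 2.
        byte[] sent = "My name is vivek Agrawal. My password is KTH for the system.".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "My name is Bill Gates. My password is KTH_Bill for the system.".getBytes(StandardCharsets.UTF_8);
        byte[] tag = protect(sent, s, k);
        System.out.println("Scenario 1 (unaltered message): " + verify(sent, tag, s, k));
        System.out.println("Scenario 2 (altered message):   " + verify(altered, tag, s, k));
        byte[] damaged = tag.clone();
        damaged[0] ^= 1; // constructed case: one bit of the protected MAC flipped in transit
        System.out.println("Altered protected MAC:          " + verify(sent, damaged, s, k));
    }
}
```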
5. Conclusion

This assignment allows us to implement the message integrity feature using Java. After conducting this assignment we are able to understand the logic/details of MAC clearly.

6. References

1. Stallings, William. Cryptography and Network Security: Principles and Practices, Fourth Edition. s.l.: Prentice Hall, 2005.
2. Hook, David. Beginning Cryptography with Java. s.l.: Wiley Publishing, Inc., 2005.
3. Morgan, Matei Ciobanu. Lecture 4, Message Confidentiality and Integrity. 2010. Slide Number 32.